CN100585555C - Method for identifying and removing potentially unwanted software - Google Patents

Publication number
CN100585555C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610051556A
Other languages
Chinese (zh)
Other versions
CN1841319A (en)
Inventor
A·洛
A·K·布切
J·佳姆斯
K·M·阿扎德
M·E·赛恩菲尔德
P·J·布赖恩
S·M·利瑟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of CN1841319A
Application granted
Publication of CN100585555C
Anticipated expiration
Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)
  • User Interface Of Digital Computer (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A method for identifying and removing potentially unwanted programs. A mechanism is provided that identifies suspicious programs to the user and allows the user to prevent them from running without actually removing them. In one embodiment, scanner data identifying potentially unwanted programs is displayed in a GUI, allowing the user to disable their continued execution. For example, any software that is not on a list of known, benign applications/processes may be identified as potentially unwanted. Similarly, software that exhibits one or more suspicious behaviors can be identified as such, allowing the user to distinguish between normal and suspicious software without irreversibly altering the user's system.

Description

Method for identifying and removing potentially unwanted software
Technical field
Embodiments of the invention relate to unwanted software, and in particular to systems and methods for identifying and removing potentially unwanted software.
Background
It is estimated that four out of five users have unwanted software on their PCs. Many vendors have developed programs to remove such software. Typically, a set of signatures representing each piece of unwanted software is developed, and the computer is searched for objects that match these signatures. A list of the unwanted software is displayed to the user, who is given the option to remove and/or quarantine these objects. The problem with this approach is that an exact match must be developed for each piece of unwanted software that should be removed. This list of potentially unwanted software can grow indefinitely and needs frequent updating. In addition, at any given time any number of entities may be developing and distributing potentially unwanted software, and it is difficult to install an identifying signature for each of them on every machine.
Embodiments of the invention are directed to providing a system and method that overcome the above and other drawbacks. More specifically, the invention is directed to a system and method for identifying and removing unwanted software.
Summary of the invention
A system and method for identifying and removing unwanted software is provided. According to one aspect of the invention, scanner data is promoted into a GUI for general application management in order to identify which specific software is potentially unwanted. When a specially formatted list of this software is presented visually and graphically to the user, the user can choose to stop these programs from running. The programs need not be removed from the machine; they can instead be automatically prevented from running, which reduces their effect on the computer system.
According to another aspect of the invention, metrics and heuristics are provided for how software is highlighted as potentially unwanted or generally suspicious. In one embodiment, an extensive "known list" of known applications and processes is provided, and anything that does not match this list is highlighted as potentially unwanted. This technique does not suffer from the endless "list of potentially unwanted software" arms race, because when new variants of potentially unwanted software are invented, they are highlighted as potentially unwanted and displayed for removal or disabling.
According to another aspect of the invention, a list of characteristics that identify potentially unwanted software is provided. Running applications are monitored to see whether they fall under these characteristics. For example, software that uses up a prolonged amount of CPU time may be highlighted to the user in a list of potentially unwanted software.
According to another aspect of the invention, when potentially unwanted software is removed from the user's system, the user is given the ability to restore the software. A simple UI is provided that gives the user enough data to make an informed trust decision.
According to another aspect of the invention, a critical console view is provided to show the highest-priority issues for identifying potentially unwanted software. The user may be given options for changing the priorities, and when the priorities are changed, the position of the indicating mechanism may be adjusted (e.g., dropped) to show the new priority order. For example, when the first priority is lowered to second priority, a new first priority may be shown as now established in the first priority space. Unlike traditional user interfaces, which compete to display menus in the same space, placement and UI/UX elements can be more closely associated and organized/prioritized by severity, rather than by which value is displayed in which column or tab stop (where the user must then look at the value and manually assess its relevance or severity). For example, memory, CPU, network CPU utilization, and so on can move around based on their current severity, and can be organized by priority rather than by data type. Even within a severity level, if the first-priority item becomes even more risky, it can be presented plainly, or bolded/glowing, or it can flash or beep as the increasing risk warrants. In other words, different alert levels may be shown depending on the current severity level. Lower priorities (e.g., fourth, fifth or sixth priority) might not be shown, to avoid cluttering the user's view/thinking; requiring the user to try to optimize the lower priorities could put the user at more risk (and the user might therefore ignore the more imminent critical risks). For example, if CPU utilization is currently a less critical issue relative to other things, CPU utilization might not be shown. All of these factors can be placed under the user's control.
It will be appreciated that embodiments of the invention are advantageous because they make the user's system less opaque, so that users can easily tell when unwanted programs have attached themselves to the system's extensibility points. By putting the user in the loop and informing the user of what is "normal" and what is "not normal" for their PC, embodiments of the invention enable the user to understand what software is not expected and can be safely disabled. Rather than the user having to prove that a running process is unimportant and can be safely deleted, embodiments of the invention require the user to prove that an unidentified application is important; otherwise the default behavior is to disable the application in question. This approach thus applies a natural check and balance to the almost unlimited extensibility of the computer.
Description of the drawings
The foregoing aspects and many of the attendant advantages of the invention will be more readily appreciated and better understood from the following detailed description, taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow diagram of a general routine for identifying potentially unwanted software in a computer system;
Fig. 2 is a flow diagram of a routine for creating a list of known applications;
Fig. 3 is a flow diagram of a routine for creating a list of characteristics for identifying potentially unwanted software;
Fig. 4 is a flow diagram of a routine for providing the user with options for managing potentially unwanted software;
Fig. 5A is a flow diagram of a routine for monitoring software for intrusive or suspicious characteristics;
Fig. 5B is a flow diagram of a routine for a critical console view;
Fig. 6 is a flow diagram of a routine for a first example embodiment of periodic spyware cleaning;
Fig. 7 is a flow diagram of a routine for a second example embodiment of periodic spyware cleaning;
Fig. 8 is a flow diagram of a routine for a third example embodiment of periodic spyware cleaning;
Fig. 9 is a screenshot of a user interface with which a user manages potentially unwanted software;
Fig. 10 is a screenshot of the user interface of Fig. 9 in which additional options have been selected;
Fig. 11 is a screenshot of a suspicious software view.
Detailed description
Fig. 1 is a flow diagram of a general routine 100 for identifying and disabling potentially unwanted software. At block 110, the computer is scanned for potentially unwanted software. At block 120, a list of the potentially unwanted software is presented to the user. In one embodiment, scanner data as to which software is "potentially unwanted" is promoted into a GUI for general application management. At block 130, the user can choose to stop the potentially unwanted software from running. The program need not be removed from the machine; it can instead be automatically prevented from running, which reduces its effect on the computer system.
Fig. 2 is a flow diagram of a routine 200 for highlighting selected software as potentially unwanted. There are many potential metrics and heuristics for how software may be highlighted as potentially unwanted or generally suspicious. As shown in Fig. 2, in one embodiment, at block 210 a list of known applications and processes is created. At block 220, any software that does not match this known list, together with anything of any kind on a bad list, is highlighted as potentially unwanted. It will be appreciated that this technique does not suffer from the endless blacklist arms race, because when new variants of spyware are invented, they are highlighted as potentially unwanted and displayed for removal or disabling.
Fig. 3 is a flow diagram of a routine 300 for monitoring software to find what is potentially unwanted. At block 310, a list of characteristics of potentially unwanted software is created. At block 320, running applications are monitored to see whether they fall within the list of heuristic characteristic patterns. For example, software that uses a prolonged amount of CPU time may be highlighted to the user in the list of potentially unwanted software.
Fig. 4 is a flow diagram of a routine 400 for providing the user with options for managing potentially unwanted software. At block 410, when potentially unwanted software is quarantined from the system on the user's behalf, the user is notified and given the ability to restore the software. At block 420, a user interface gives the user data for making an informed trust decision to block, allow, or always prompt before the software is executed.
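The flow of Figs. 1-4 as an added Python example (not code from the patent or its assignee): software matching an advertising signature is removed, anything else that is off the known list or shows a listed characteristic is disabled rather than deleted, and each action can be reversed by the user. All class and function names, the SHA-256 matching, the one-hour CPU threshold, and modelling removal as a restorable quarantine are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    KNOWN = "known"
    POTENTIALLY_UNWANTED = "potentially unwanted"
    UNAUTHORIZED_ADVERTISING = "unauthorized advertising"


class Choice(Enum):              # the three options of block 420
    BLOCK = "block"
    ALLOW = "allow"
    PROMPT = "always prompt"


class State(Enum):
    ENABLED = "enabled"
    DISABLED = "disabled"        # left in place, prevented from running
    QUARANTINED = "quarantined"  # taken off the system, still restorable


@dataclass
class Program:
    name: str
    image: bytes                 # constructed stand-in for the file contents
    cpu_seconds: float = 0.0
    state: State = State.ENABLED

    @property
    def digest(self) -> str:
        # Assumption: programs are matched by the SHA-256 of their contents.
        return hashlib.sha256(self.image).hexdigest()


@dataclass
class Scanner:
    known_good: set              # block 210: list of known applications
    ad_signatures: set           # signatures for unauthorized advertising
    cpu_limit: float = 3600.0    # assumed bound for "prolonged CPU time"
    choices: dict = field(default_factory=dict)   # digest -> Choice

    def classify(self, p):
        """Return (Verdict, reason) for one program."""
        if p.digest in self.ad_signatures:
            return Verdict.UNAUTHORIZED_ADVERTISING, "signature match"
        if p.digest not in self.known_good:          # block 220
            return Verdict.POTENTIALLY_UNWANTED, "not on known list"
        if p.cpu_seconds > self.cpu_limit:           # block 320
            return Verdict.POTENTIALLY_UNWANTED, "prolonged CPU time"
        return Verdict.KNOWN, ""

    def scan(self, programs):
        """Blocks 110-130: flag, apply the default action, return the list."""
        findings = []
        for p in programs:
            verdict, reason = self.classify(p)
            if verdict is Verdict.KNOWN:
                continue
            # Default is to stop the program unless the user vouched for it.
            if self.choices.get(p.digest, Choice.PROMPT) is not Choice.ALLOW:
                p.state = (State.QUARANTINED
                           if verdict is Verdict.UNAUTHORIZED_ADVERTISING
                           else State.DISABLED)
            findings.append((p.name, verdict, reason, p.state))
        return findings

    def launch_decision(self, p):
        """What happens when the user starts a program: run, prompt or blocked."""
        if p.state is State.ENABLED:
            return "run"
        choice = self.choices.get(p.digest, Choice.PROMPT)
        return "blocked" if choice is Choice.BLOCK else "prompt"

    def restore(self, p):
        """Block 410: the user reverses the action and trusts the program."""
        self.choices[p.digest] = Choice.ALLOW
        p.state = State.ENABLED
```

Because nothing is deleted, a wrong verdict costs the user one prompt and a call to `restore`, which is what makes default-disable for unknown software tolerable in practice.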
Fig. 5A is a flow diagram of a routine 500A for providing a highlighted list of suspicious software. At block 510, software is monitored for intrusive or suspicious characteristics. At block 520, a highlighted list of the applications determined to be intrusive or suspicious with respect to the operation of the computer is provided in a suspicious software view. In one embodiment, the intrusive or suspicious characteristics may be prioritized, as described in more detail below with reference to Fig. 5B.
Fig. 5B is a flow diagram of a routine 500B for a critical console view. At block 550, the highest-priority issues for identifying potentially unwanted software are shown. In a system of this type many factors may be monitored, but only the top issues are shown, namely those that are most critical if left unchecked and continuing to increase in rate. As an example, in one embodiment the first, second and third priorities may be shown.
At block 560, the user is given options for changing the priorities used to determine intrusive or suspicious software. When the priorities are changed, the position of the indicating mechanism may be adjusted (e.g., dropped) to show the new priority order. For example, when the previous first priority is lowered to second priority, a new first priority may be shown as now established in the first priority space.
At block 570, placement is associated with the UI/UX elements and organized/prioritized by severity, rather than by which value is displayed in which column or tab stop (where the user must then look at the value and manually assess its relevance or severity). For example, memory, CPU, network CPU utilization, and so on can move around based on their current severity, and can be organized by priority rather than by data type. It will be appreciated that this differs from traditional UIs, which potentially compete to display menus in the same position.
At block 580, an indication is provided of the current severity level. For example, if the first-priority item becomes even more risky, it can be presented plainly, or bolded/glowing, or it can flash or beep as the increasing risk warrants. In other words, different alert levels may be indicated depending on the current severity level.
At block 590, lower priorities (e.g., the fourth, fifth or sixth priority) are potentially not shown, to avoid distracting the user with less critical issues. In other words, it is desirable to avoid cluttering the user's view/thinking; if the user is required to try to deal with lower-priority issues, the user is placed at greater risk, because this ultimately distracts the user from the more imminent critical risks. For example, if CPU utilization is currently less important than other issues, CPU utilization is not shown. All of these factors can be placed under the user's control.
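The critical console view of Fig. 5B as an added Python example (not code from the patent or its assignee): issues are ordered by current severity rather than by data type, only the top slots are shown, the alert level follows severity, and the user can re-weight priorities. The severity scale of 0 to 1, the two alert thresholds, the issue names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    slot: int        # 1 = first priority space on screen
    issue: str
    severity: float  # 0.0 (harmless) .. 1.0 (critical), after user weighting
    alert: str       # "normal", "bold" or "flash"


def alert_level(severity, warn=0.6, critical=0.85):
    """Block 580: the indication depends on the current severity level."""
    if severity >= critical:
        return "flash"
    if severity >= warn:
        return "bold"
    return "normal"


def console_view(readings, user_weights=None, slots=3):
    """Blocks 550-590: rank issues by severity and keep only the top slots.

    readings:     issue name -> current severity in [0, 1]
    user_weights: issue name -> multiplier chosen by the user (block 560)
    """
    weights = user_weights or {}
    scored = {name: min(1.0, sev * weights.get(name, 1.0))
              for name, sev in readings.items()}
    # Highest severity first; ties broken by name so the layout is stable.
    ranked = sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))
    return [Row(i + 1, name, sev, alert_level(sev))
            for i, (name, sev) in enumerate(ranked[:slots])]


def moved(before, after):
    """Issues whose slot changed between two views: issue -> (old, new).

    None means the issue was not shown in that view (block 590).
    """
    old = {r.issue: r.slot for r in before}
    new = {r.issue: r.slot for r in after}
    return {name: (old.get(name), new.get(name))
            for name in sorted(set(old) | set(new))
            if old.get(name) != new.get(name)}


# Constructed sample readings: CPU starts out as the least critical issue.
SNAPSHOT_1 = {"cpu": 0.30, "memory": 0.70, "network": 0.90, "startup_items": 0.50}
SNAPSHOT_2 = {"cpu": 0.95, "memory": 0.70, "network": 0.90, "startup_items": 0.50}

if __name__ == "__main__":
    first = console_view(SNAPSHOT_1)
    second = console_view(SNAPSHOT_2)
    for row in second:
        print(row.slot, row.issue, row.alert)
    print(moved(first, second))
```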
Figs. 6-8 provide examples of possible embodiments of periodic spyware cleaning in accordance with the invention. Fig. 6 is a flow diagram of a routine 600 for a first example embodiment of periodic spyware cleaning. At block 610, the user has periodic spyware cleaning enabled. At block 620, troubleshooting is performed by opening the software explorer to examine all of the software running on the PC and the information about that software. Using the software explorer, it is easy to determine what software runs at startup, what software is currently running, the extensions in use (including BHOs), and so on. At block 630, unwanted software is selected to be disabled or removed. For example, a link may be clicked to update the signatures manually, and a suspicious program may be identified as unauthorized advertising, at which point the program is removed and the associated pop-up advertisements no longer appear.
Fig. 7 is a flow diagram of a routine 700 for a second example embodiment of periodic spyware cleaning. At block 710, the user has periodic spyware cleaning enabled. At block 720, the user's PC has been running well, but the user is curious to see what software has been removed or blocked on his behalf. The user selects a "suspicious software" link, which displays all of the spyware detected on the machine together with a status indicating, for each item, whether it has been removed, disabled, enabled, and so on.
Fig. 8 is a flow diagram of a routine 800 for a third example embodiment of periodic spyware cleaning. At block 810, the user has periodic spyware cleaning enabled. At block 820, the user installs a new application on the user's PC. For example, the user may install a freeware application that calculates time zones. At block 830, new spyware signatures are downloaded and a scan is run. It will be appreciated that the download of new spyware signatures may occur at any time (e.g., a week later). At block 840, the application (e.g., the freeware time zone application) is identified as unauthorized advertising and the PC disables the software, but the shortcuts (e.g., links) are left in the quick launch and start menus. At block 850, the next time the user clicks the link to start the application, the user is shown a message saying that this software has been identified as potential spyware and has been disabled to protect the computer.
Fig. 9 is a screenshot 900 of a user interface for managing potentially unwanted software. At screen area 910, an indication is provided that this is a "Security Warning". At screen area 920, the user is informed: "This has been identified as potentially unwanted software. Do you still want to run this?" At screen area 930, the user is given the name and the behavior of the potentially unwanted software (in this case, "Unauthorized Advertising"). At screen area 940, the user is given a selection for "More options". At screen area 950, the user is given the option to run or not run the potentially unwanted software. At screen area 960, the user is told: "To protect your computer, this software has been blocked from running. For more information on this software, click here."
Fig. 10 is a screenshot 1000 of the user interface of Fig. 9 in which "More options" has been selected at screen area 940. As shown in Fig. 10, at screen area 1040 the user is given a "Fewer options" selection. At screen area 1045, the user is given the options "Always ask me", "Never run this software", or "Always run this software". Through these options, the user can review and manage potentially unwanted software.
Fig. 11 is a screenshot 1100 of a suspicious software view. At screen area 1110, indications are provided for "Software Explorer" and "Suspicious Software". At screen area 1120, the user is given a "Type To Search" search option. At screen area 1130, options are provided for "File", "Allow", "Remove", "Quarantine", "Submit Report" and "Run Scan Now". At screen area 1140, options are provided for "Installed Programs", "New Programs", "Component" and "Suspicious Software".
At screen area 1150, a name column is provided, which lists applications 1-12. At screen area 1160, a publisher column is provided, which gives the name of the publisher of each application, in this case Contoso Corp. for all of the applications. At screen area 1170, a status column is provided, which shows a "Quarantined" status for applications 2 and 3. At screen area 1180, a recommendation column is provided, which shows a "Remove" recommendation for applications 1-3, a "Quarantine" recommendation for applications 4-10, and an "Ignore" recommendation for applications 11-12.
It will be appreciated that embodiments of the invention have a number of advantages. By putting the user in the loop and informing the user of what is "normal" and what is "not normal" for their PC, embodiments of the invention enable the user to understand what software is not expected and can be safely disabled. Rather than requiring the user to prove that a running process is not important and can be safely removed, embodiments of the invention require the user to prove that an unidentified application is important; otherwise the default behavior of the system is to disable the application in question. This approach applies a natural "check and balance" to the almost unlimited extensibility of the computer.
While the preferred embodiment of the invention has been illustrated and described, it will be appreciated that various changes can be made therein without departing from the spirit and scope of the invention.

Claims (19)

1. A method for identifying unwanted programs on a computer system, comprising:
creating a list of known wanted programs;
comparing the list against other programs, and identifying one or more programs that are not on the list as potentially unwanted;
identifying at least one program identified as potentially unwanted as unauthorized advertising, based on a signature of the program identified as potentially unwanted;
removing the potentially unwanted program identified as unauthorized advertising, such that the associated pop-up advertisements no longer appear;
automatically disabling from running the programs identified as potentially unwanted that are not identified as unauthorized advertising; and
providing the user with an option to allow the disabled potentially unwanted program to run or to stop the disabled potentially unwanted program from running.
2. The method of claim 1, wherein the potentially unwanted programs are presented to the user in a list.
3. The method of claim 2, wherein the user can choose to stop a potentially unwanted program from running.
4. The method of claim 1, wherein the potentially unwanted program can be quarantined on behalf of the user, and the user is provided with the ability to restore the program.
5. The method of claim 1, wherein the potentially unwanted program is presented to the user, and the user can choose to block, allow, or be prompted before the potentially unwanted program is executed.
6. The method of claim 1, wherein a list of characteristics may also be used to identify potentially unwanted programs.
7. The method of claim 6, wherein a ranked list of at least some of the potentially unwanted programs is presented to the user.
8. The method of claim 1, wherein a list of known unwanted programs may also be used to identify potentially unwanted programs.
9. A method for identifying unwanted programs, the method comprising:
identifying potentially unwanted programs by checking unknown programs against a list of known wanted programs to determine whether the programs are potentially unwanted;
identifying at least one program identified as potentially unwanted as unauthorized advertising, based on a signature of the program identified as potentially unwanted;
removing the potentially unwanted program identified as unauthorized advertising, such that the associated pop-up advertisements no longer appear;
automatically disabling from running the programs identified as potentially unwanted that are not identified as unauthorized advertising; and
presenting one or more of the potentially unwanted programs to the user, and providing the user with an option to allow the disabled potentially unwanted program to run or to stop the disabled potentially unwanted program from running.
10. A method for identifying unwanted programs, the method comprising:
identifying potentially unwanted programs using a list of characteristics of potentially unwanted programs;
identifying at least one program identified as potentially unwanted as unauthorized advertising, based on a signature of the program identified as potentially unwanted;
removing the potentially unwanted program identified as unauthorized advertising, such that the associated pop-up advertisements no longer appear; and
automatically disabling from running the programs identified as potentially unwanted that are not identified as unauthorized advertising;
presenting one or more of the potentially unwanted programs to the user, and providing the user with an option to allow the disabled potentially unwanted program to run or to stop the disabled potentially unwanted program from running.
11. The method of claim 10, wherein a ranked list of at least some of the potentially unwanted programs is presented to the user.
12. The method of claim 11, wherein the list is ranked based on selected behaviors.
13. The method of claim 9 or 10, wherein the potentially unwanted program is quarantined on behalf of the user, and the user is notified and provided with the ability to restore the potentially unwanted program.
14. The method of claim 9 or 10, wherein the user can choose whether to block, allow, or always be prompted before the potentially unwanted program is run.
15. The method of any one of claims 1, 9 or 10, further comprising:
providing a critical console view for showing one or more high-priority issues for identifying potentially unwanted programs.
16. The method of claim 15, wherein the user can change the priorities, and when the priorities are changed, the indicating mechanism is adjusted to show the change in the priorities.
17. The method of claim 15, wherein the placement of elements in the critical console view changes depending on the current severity level.
18. The method of claim 15, wherein different alert levels may be indicated depending on the current severity level.
19. The method of claim 15, wherein one or more lower-priority items are not shown.
CN200610051556A 2005-03-28 2006-02-28 Method for identifying and removing potentially unwanted software Expired - Fee Related CN100585555C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/092,995 2005-03-28
US11/092,995 US7685149B2 (en) 2005-03-28 2005-03-28 Identifying and removing potentially unwanted software

Publications (2)

Publication Number Publication Date
CN1841319A CN1841319A (en) 2006-10-04
CN100585555C true CN100585555C (en) 2010-01-27

Family

ID=36407987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610051556A Expired - Fee Related CN100585555C (en) 2005-03-28 2006-02-28 Method for identifying and removing potentially unwanted software

Country Status (10)

Country Link
US (1) US7685149B2 (en)
EP (1) EP1708115A1 (en)
JP (1) JP4936762B2 (en)
KR (1) KR101224793B1 (en)
CN (1) CN100585555C (en)
AU (1) AU2006200384A1 (en)
BR (1) BRPI0600631A (en)
CA (1) CA2534728A1 (en)
MX (1) MXPA06002337A (en)
RU (1) RU2006105532A (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8572381B1 (en) * 2006-02-06 2013-10-29 Cisco Technology, Inc. Challenge protected user queries
US20070258469A1 (en) * 2006-05-05 2007-11-08 Broadcom Corporation, A California Corporation Switching network employing adware quarantine techniques
EP1916596A1 (en) * 2006-10-26 2008-04-30 Hewlett-Packard Development Company, L.P. Improvements in or relating computer network management
KR100907453B1 (en) * 2006-12-27 2009-07-10 주식회사 안철수연구소 Software management method and system based on user evaluation
US20110185353A1 (en) * 2010-01-27 2011-07-28 Jack Matthew Mitigating Problems Arising From Incompatible Software
WO2011119137A1 (en) 2010-03-22 2011-09-29 Lrdc Systems, Llc A method of identifying and protecting the integrity of a set of source data
CN103685150B (en) * 2012-09-03 2015-08-12 腾讯科技(深圳)有限公司 The method and apparatus of upload file
US10089095B2 (en) * 2015-05-06 2018-10-02 Mcafee, Llc Alerting the presence of bundled software during an installation
US10027692B2 (en) * 2016-01-05 2018-07-17 International Business Machines Corporation Modifying evasive code using correlation analysis
US11936662B2 (en) * 2020-08-26 2024-03-19 Avanan Inc. Unified security report and interface with multiple security layers
US11831729B2 (en) * 2021-03-19 2023-11-28 Servicenow, Inc. Determining application security and correctness using machine learning based clustering and similarity

Family Cites Families (39)

Publication number Priority date Publication date Assignee Title
JPH03233629A (en) * 1990-02-09 1991-10-17 Nec Corp System for checking destruction of execution format file
US7281268B2 (en) * 1999-11-14 2007-10-09 Mcafee, Inc. System, method and computer program product for detection of unwanted processes
US20040034794A1 (en) * 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
US7350204B2 (en) 2000-07-24 2008-03-25 Microsoft Corporation Policies for secure software execution
US7263616B1 (en) * 2000-09-22 2007-08-28 Ge Medical Systems Global Technology Company, Llc Ultrasound imaging system having computer virus protection
US20030037138A1 (en) * 2001-08-16 2003-02-20 International Business Machines Corporation Method, apparatus, and program for identifying, restricting, and monitoring data sent from client computers
US7509679B2 (en) * 2002-08-30 2009-03-24 Symantec Corporation Method, system and computer program product for security in a global computer network transaction
US20040255137A1 (en) * 2003-01-09 2004-12-16 Shuqian Ying Defending the name space
KR20040065674A (en) * 2003-01-15 2004-07-23 권창훈 Host-based security system and method
JP3835421B2 (en) * 2003-03-28 2006-10-18 コニカミノルタビジネステクノロジーズ株式会社 Control program and control device
CA2464788A1 (en) * 2003-04-16 2004-10-16 Wms Gaming Inc. A gaming software distribution network in a gaming system environment
CA2472366A1 (en) * 2003-05-17 2004-11-17 Microsoft Corporation Mechanism for evaluating security risks
JP3971353B2 (en) * 2003-07-03 2007-09-05 富士通株式会社 Virus isolation system
WO2005020002A2 (en) * 2003-08-15 2005-03-03 Fiberlink Communications Corporation System, method, apparatus and computer program product for facilitating digital communications
US20050144241A1 (en) * 2003-10-17 2005-06-30 Stata Raymond P. Systems and methods for a search-based email client
US7536421B2 (en) * 2003-10-31 2009-05-19 Landmark Technology Partners, Inc. Intelligent client architecture computer system and method
US7467409B2 (en) * 2003-12-12 2008-12-16 Microsoft Corporation Aggregating trust services for file transfer clients
US7765592B2 (en) * 2004-01-10 2010-07-27 Microsoft Corporation Changed file identification, software conflict resolution and unwanted file removal
WO2005099340A2 (en) 2004-04-19 2005-10-27 Securewave S.A. On-line centralized and local authorization of executable files
US20070067297A1 (en) * 2004-04-30 2007-03-22 Kublickis Peter J System and methods for a micropayment-enabled marketplace with permission-based, self-service, precision-targeted delivery of advertising, entertainment and informational content and relationship marketing to anonymous internet users
US20050268112A1 (en) * 2004-05-28 2005-12-01 Microsoft Corporation Managing spyware and unwanted software through auto-start extensibility points
US7660999B2 (en) * 2004-06-22 2010-02-09 Microsoft Corporation MIME handling security enforcement
US7962449B2 (en) * 2004-06-25 2011-06-14 Apple Inc. Trusted index structure in a network environment
US7441273B2 (en) * 2004-09-27 2008-10-21 Mcafee, Inc. Virus scanner system and method with integrated spyware detection capabilities
US7480683B2 (en) * 2004-10-01 2009-01-20 Webroot Software, Inc. System and method for heuristic analysis to identify pestware
US20060167886A1 (en) * 2004-11-22 2006-07-27 International Business Machines Corporation System and method for transmitting data from a storage medium to a user-defined cluster of local and remote server blades
US7409719B2 (en) * 2004-12-21 2008-08-05 Microsoft Corporation Computer security management, such as in a virtual machine or hardened operating system
US20060149845A1 (en) * 2004-12-30 2006-07-06 Xinnia Technology, Llc Managed quality of service for users and applications over shared networks
US7565695B2 (en) * 2005-04-12 2009-07-21 Webroot Software, Inc. System and method for directly accessing data from a data storage medium
US8438499B2 (en) * 2005-05-03 2013-05-07 Mcafee, Inc. Indicating website reputations during user interactions
US20060253584A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Reputation of an entity associated with a content item
US20070006311A1 (en) * 2005-06-29 2007-01-04 Barton Kevin T System and method for managing pestware
US7730040B2 (en) * 2005-07-27 2010-06-01 Microsoft Corporation Feedback-driven malware detector
US9471925B2 (en) * 2005-09-14 2016-10-18 Millennial Media Llc Increasing mobile interactivity
US20070239724A1 (en) * 2005-09-14 2007-10-11 Jorey Ramer Mobile search services related to direct identifiers
US20070061242A1 (en) * 2005-09-14 2007-03-15 Jorey Ramer Implicit searching for mobile content
US20070168354A1 (en) * 2005-11-01 2007-07-19 Jorey Ramer Combined algorithmic and editorial-reviewed mobile content search results
WO2007134250A2 (en) * 2006-05-12 2007-11-22 Goldengate Software, Inc. Method for forming homogeneous from heterogeneous data
US8646038B2 (en) * 2006-09-15 2014-02-04 Microsoft Corporation Automated service for blocking malware hosts

Non-Patent Citations (1)

Title
How to use the Microsoft AntiSpyware Beta to remove Spyware. Microsoft. 2005 *

Also Published As

Publication number Publication date
AU2006200384A1 (en) 2006-10-12
CA2534728A1 (en) 2006-09-28
CN1841319A (en) 2006-10-04
KR20060103826A (en) 2006-10-04
US7685149B2 (en) 2010-03-23
JP2006277747A (en) 2006-10-12
BRPI0600631A (en) 2006-11-28
JP4936762B2 (en) 2012-05-23
US20060218145A1 (en) 2006-09-28
MXPA06002337A (en) 2006-09-27
KR101224793B1 (en) 2013-01-21
RU2006105532A (en) 2007-09-27
EP1708115A1 (en) 2006-10-04

Similar Documents

Publication Publication Date Title
US11516237B2 (en) Visualization and control of remotely monitored hosts
CN103065091B (en) Reduce with malware detection expanding system
US8230502B1 (en) Push alert system, method, and computer program product
CN100585555C (en) Method for identifying and removing potentially unwanted software
US10853487B2 (en) Path-based program lineage inference analysis
EP3772004B1 (en) Malicious incident visualization
US20130160126A1 (en) Malware remediation system and method for modern applications
WO2021126747A1 (en) Method for detecting and defeating ransomware
US9424422B2 (en) Detection of rogue software applications
US9152791B1 (en) Removal of fake anti-virus software
US20160036834A1 (en) System and method for determining category of trust of applications performing interface overlay
EP3531327B1 (en) Cross machine detection techniques
TWI528216B (en) Method, electronic device, and user interface for on-demand detecting malware
US12255905B2 (en) Machine learning malware classifications using behavioral artifacts
Chiasson et al. Even experts deserve usable security: Design guidelines for security management systems
CN104050417A (en) Method and device for detecting software states at mobile terminal
Fassl et al. Comparing User Perceptions of Anti-Stalkerware Apps with the Technical Reality
Heartfield et al. Protection against semantic social engineering attacks
US9825986B1 (en) Systems and methods for generating contextually meaningful animated visualizations of computer security events
CN111880884A (en) Alarm display system and display method
WO2008036665A2 (en) Methods, media, and systems for detecting attack on a digital processing device
US20190268362A1 (en) Methods and systems for cyber-monitoring and visually depicting cyber-activities
US20240248986A1 (en) Determination method, determination device, and determination program
US20130276104A1 (en) System, method and computer program product for displaying security actions for undo purposes
RU2580053C2 (en) System and method of determining unknown status application

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150429

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150429

Address after: Washington State

Patentee after: MICROSOFT TECHNOLOGY LICENSING, LLC

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100127
